I've found out that we have around 2 million session files, although I'm regularly running sessions2trash.py to clean up old sessions. We have many users and requests, but the number of sessions is still way too high.
When a user (who is not logged in) makes a new request, a new session file is created. On the next request the same session file is reused; this seems fine. Which expiration time does this session file get? Can I set it somehow? Maybe it's all those session files without expiration which are not deleted by sessions2trash.py ...

I've seen in the documentation that it is possible to store sessions in cookies. This seems like a good way to get rid of all those session files and improve performance. Since I don't store much data in the session, the small cookie size limit is not a problem for me.

I'd like to know how this works internally. Is it secure? How does web2py know from this session in the cookie if the user is logged in? Isn't it possible to pretend to be someone else and log in to another account if there is no login information stored on the server?

thanks,
Alex
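As an added illustration for the question of how a session kept in a cookie can be trusted (not web2py's code and not part of the original message): a generic sketch in which the server appends an HMAC tag to the serialized session and rejects any cookie whose tag or age does not check out. The key, lifetime, cookie layout and function names are assumptions; web2py's actual cookie format is not shown on this page.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side secret that never leaves the server (constructed value).
SECRET_KEY = b"constructed-demo-key"
MAX_AGE = 3600  # assumed session lifetime in seconds

def _tag(body):
    """HMAC-SHA256 over the serialized session; only the key holder can compute it."""
    return hmac.new(SECRET_KEY, body, hashlib.sha256).digest()

def dump_session(data, now=None):
    """Serialize the session with its issue time and append the HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"iat": issued, "data": data}, sort_keys=True).encode()
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, _tag(body)))

def load_session(cookie, now=None):
    """Return the session dict, or None if the cookie is malformed, altered or expired."""
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in cookie.split("."))
    except ValueError:  # wrong number of parts or invalid base64
        return None
    if not hmac.compare_digest(tag, _tag(body)):
        return None  # body was not produced by the key holder
    record = json.loads(body)
    now = time.time() if now is None else now
    if now - record["iat"] > MAX_AGE:
        return None  # genuine but too old
    return record["data"]

def edited_copy(cookie, user_id):
    """What a client editing its own cookie can do: change the body, keep the old tag."""
    body_b64, tag_b64 = cookie.split(".")
    record = json.loads(base64.urlsafe_b64decode(body_b64))
    record["data"]["user_id"] = user_id
    body = json.dumps(record, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + tag_b64

if __name__ == "__main__":
    cookie = dump_session({"user_id": 7}, now=1000)  # constructed sample session
    print(load_session(cookie, now=1500))                   # genuine cookie
    print(load_session(edited_copy(cookie, 1), now=1500))   # edited cookie
    print(load_session(cookie, now=1000 + MAX_AGE + 1))     # expired cookie
```

The tag protects integrity only: in this sketch the session body stays readable by the client unless it is also encrypted, and a copied cookie remains valid until it expires.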